Quote:The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways (SEGs), researchers said.
Milanote is a tool for organizing and collaborating on creative projects. Users can arrange their projects into handy visual boards that can be shared and collaboratively edited, with the ability to add notes, images, links, files and so on. It counts several heavy hitters as customers, including Chanel, Facebook, Google, Nike and Uber, among many others.
According to analysis from Avanan released Thursday, attackers are looking to hook victims by starting off with a simple email. It has the subject line, “Invoice for Project Proposal.” The email body is pretty bare-bones, saying only, “Hello. See attached invoice for the above referenced project. Please contact me if you have questions or need additional information. Thank you.” It doesn’t contain any personalization, logos or other social-engineering aspects.
“The email itself is pretty standard issue,” Gil Friedrich, CEO and co-founder of Avanan, told Threatpost in an interview. “It gets attention with the subject of ‘Invoice for Project Proposal.’ It’s certainly not the most sophisticated effort in the world, however, it understands what emails can get past static scanners, including, in this case, Milanote.”
Should a target open the attachment, a document opens that contains one line (“I have shared a file with you. Please click link[s] below to download”) followed by a clickable button that says “Open Docs.”
If the person clicks the button, they’re taken to a page hosted in the Milanote service:
Clicking this final link takes the target to a phishing page that attempts to harvest various types of credentials, researchers said.
Read more: Phish Swims Past Email Security with Milanote Pages | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
